August 2006 - Posts

The Glory of the Health Savings Account

One of the things that plagues the contract IT worker is the worry over health insurance. I've been in situations many times when you're between companies/contracts and you get stuck footing a huge cobra insurance bill (I've had monthly premiums from cobra for the family at best $500 and at worst $1200). Now, there are several things I've always hated about health insurance, which I'm going to talk about first, then I'm going to talk about why I moved to the HSA plan (Thanks George Bush).

Group Rates

Group rates are a good idea right? right? Well, if you're like some of my coworkers over the years, group rates are great because they can be obese, smoking, drinking, and otherwise unhealthy people and they pay the same rate as I do! It always rubbed me the wrong way that my family is young, healthy, and in generally good shape but we have to pay the same rate as people with the above afflictions. That's how insurance works though, they're using my good health to hedge the risk of other's bad health. Still, when it comes down to it, I feel like I'm getting hosed.

Your Premium

In a traditional group health plan, you (or your company) pays your premium, and if you don't get sick, the money is gone. So at my most recent cobra rate- $623 a month, I was dropping $7426 in premiums alone into health insurance. Apart from maternity costs in recent years, my average utilization of health services has always been under $1500 a year. So basically I'm paying $7426 plus copays (which generally range $10-$25 per) for a $1500 benefit. If I get to the end of the year, the insurance company certainly doesn't say "hey, nice job staying healthy, here's half your premiums back.

Deductibles

Most of your group health insurance plans also carry a deductible that ranges from $250 - $1,000. This means that if you have a surgery, accident, or what have you outside of normal care, you chip in that deductible on top of the $7426 in premiums I paid. My last deductible amount was $500, so in the case of an accident, I would be out $7926 for the year.

Why the HSA is better for me

Health savings accounts are available for insurance holders who have a "high deductible" plan. A high deductible plan typically means for a family that the deductible is greater than $2,200 and less than $10,000. If you actually have a good cash flow/steady income and can bear the burden of paying a deductible of that amount, the cash savings can start rolling in.

Basically, the plan I selected has a family deductible of $5,200, this means the health insurance covers nothing until I have spent $5,200 out of my own pocket. After the $5,200 is met, they pay 100% of everything. For this plan, I pay $160 per month or $1920 per year, a cost savings on premiums alone of $5,506. Now, the majority of my healthcare expenses are wellness and vaccinations for my kids, so I added a rider for $51 / month that covers wellness and preventative check ups for the family, bringing my premium amount to $2,532, still holding down a substantial premium savings of $4,894 per year. Keep in mind that in the case of an accident with the old plan, I'd have to pay the deductible as well, so kick the $500 on to that $4,894 and it's a break even as far as cash out of pocket except with the HSA plan, if we don't have that big expenditure, we save up to $4,894. Putting that money instead into an IRA account would make me a millionaire at age 65.

The HSA part comes in by being allowed to make tax deductible contributions to a savings account that is earmarked for medical expenses. The bank that holds the account issues you a debit card that you can use to pay for your prescription drugs, office visits, etc. Basically anything that leads up to that deductible can be paid for out of this account... tax free (unlike your copays now). Being that I dropped my monthly payment from $636 to $211 with the plan alone, I am kicking $150 a month into the HSA account which should more than cover any medical expenses for the year given my family history. HSA plans, unlike flexible spending accounts roll over year to year and grow with interest. If you never use all of the HSA, when you hit 65 you can withdraw the money in the same style as an IRA, so if you are fortunate health wise, it's almost like a retirement account that you can use for today's medical expenses.

Conclusion

I'm very happy about switching over from an expensive plan to the more effective HSA plan. Not only do I stand to save some money, unlike group insurance premiums, the HSA account is my money, and if it doesn't get used it's still mine, unlike group premiums that disappear into paying for a lung transplant for a career smoker. I highly recommend this move for anyone that changes jobs a lot, does contract work, or has a young and healthy family and wants to take personal charge of their health expenses.

Posted Aug 31 2006, 12:17 PM by Eric Wise with 16 comment(s)

Filed under: Business / IT, Personal, Easy Web Applications

Know Your Role

Nothing is more dangerous than a programmer pushed into a DBA role who doesn't know crap about databases. Too often, you see consultancies, smaller organizations, and people in general trying to save a buck and not bring any DBA presence on board. Too often I see arrogant developers claim that "DBAs only get in the way" and "I'm not doing anything fancy, I don't need no stinking DBA". To me, this is the equivalent of someone saying "I'm building a house, and I know carpentry, so I'm not hiring a stinking plumber or electrician".

Case in point, I'm taking a look at a software application that seems to be plagued by performance issues. The server, although relatively beefy, is struggling to keep up with what on the front end seem the most simple of requests. So I fire up the SQL Profiler for 20 minutes during the work day when the application is being most utilized and then peek at the results, ordering my profile results (T-SQL and Stored Procedure metrics) by duration and reads. I quickly parse down the lists and find a query that looks up customers by phone number, with the area code and exchange/number separate... what would seem to be a straightforward and low load query.

Here's the metrics from the SQL Trace:

Reads: 416016

Duration: 5422 milliseconds

CPU: 1313

That's a lot of reads, and very very slow as far as I'm concerned. So I pop open the database table to see what kind of indexing is going on. Sadly, there are indexes on the table, but not the appropriate kind. So I blew away the indexes, and recreated them in a more... sensible manner. Then I ran the Profiler and executed a series of similar queries and got the following results:

Reads: 9720

Duration: 78 milliseconds

CPU: 78

As you can see, the performance with a proper index was ASTRONOMICALLY better than the previous setup. I know for a fact that no DBA was involved in the original project and a group of developers with a very high opinion of themselves did everything from start to finish. Hence, my admonition, know your role. Very few people can be all things to all people, and in cases like the one above, even having a minimal DBA presence on the project could have had time spent putting in very basic optimizations like this that could have given much better performance, scalability, and user satisfaction.

Posted Aug 28 2006, 06:37 PM by Eric Wise with 14 comment(s)

Filed under: Business / IT, Rants, Patterns and Practices

2006 ESJ Salary Survey Strikes a Blow to the Ivory Tower?

I'm always interested in following salary data in the Information Technology market mostly because I depend on it for a living, so when the market is doing well, generally I'm doing well. However in this years ESJ salary survey I noticed a very interesting trend.

Oftentimes you see people in the community, mostly language zealots, slashdot kiddies, and sometimes my fellow bloggers lamenting something or other about Microsoft tools, development processes, and the state of the skills of IT workers in general. Many times you see people look down their noses at windows professionals, VB coders, etc claiming that the OSS/Linux/C++/Insert your flavor of the day here developers are "real coders" and all those windows monkeys are just posers.

So what did ESJ find that interested me so much?

A majority of respondents (75 percent) support Windows server environments, including Windows Server 2003, 2000, or NT systems within their companies, a number that has declined slightly from last year's survey (78 percent). About 21 percent have mainframes on site, down from 28 percent a year ago. Another 41 percent support at least one version of commercial Unix, while 31 percent run a midrange-class system, mainly IBM iSeries. About 31 percent run Linux, roughly the same as last year (30 percent)

So there is a movement away from mainframes, and Linux adoption is fairly stagnant. This also continues to support Windows programming as a present and future need in the enterprise. But that's not all folks!

PROGRAMMER ANALYST SALARIES

Year-to-Year Change
2006	2005	2004	2002	2001	1-year change	4-year change
67,400	$65,200	$63,800	$61,700	N/A	+3.4%	+9.2%

Programmers are doing well again! This is a positive trend, but when you look out in the community, when the above mentioned people are spewing their disdain for windows developers, you would expect non windows programming to be more lucrative, after all it is a "niche" market and those people are more "l33t" than their windows counterparts right?

By Operating System Environment
Mainframe	Midrange	AIX/Unix	Windows	Non-Mainframe Linux	Windows Only (Non-mainframe)
$66,100	$67,800	$69,500	$66,000	$57,500	$56,800

Wrong. And the same trend shows in Applications Programmers:

APPLICATIONS PROGRAMMER SALARIES

Year-to-Year Change
2006	2005	2004	2002	2001	1-year change	5-year change
$61,400	$56,500	$53,000	$49,400	$49,200	+8.7%	+24.8%

By Operating System Environment
Mainframe	Midrange	AIX/Unix	Windows	Non-Mainframe Linux	Windows only (Non-mainframe)
$58,000	$64,200	$60,700	$61,700	$56,700	$57,100

Now I did find in the survey a few programming environment entries that included Visual Studio .NET separate from the rest of the languages. Here's the one for Programmer Analyst:

By Programming Environment
CICS	C/C++	COBOL	VB	Java	Visual Studio .NET
$67,000	$71,500	$63,800	$63,900	$68,400	$65,000

You'll note here that Java and C/C++ do beat out salaries for VS .NET, I would be interested to see the experience level cross ref on that though since java and c++ have been around longer than .NET, so they may be top heavy simply due to more experienced senior people demanding higher salaries.

Either way, maybe it's not the developers, maybe it's the network admins that are so much more "l33t" than their windows counterparts?

NETWORK ADMINISTRATOR SALARIES

Year-to-Year Change
2006	2005	2004	2002	2001	1-year change	5-year change
$61,300	$59,300	$57,300	$53,800	$56,000	+3.4%	+9.5%

By Network Environment
Ethernet	Unix	Linux	Windows 2003	Windows 2000	Windows NT	Novell	WinXP
$61,300	$62,700	$58,200	$60,400	$60,000	$60,400	$62,100	$60,100

Nope, the windows guys still make more than the Linux guys, but less than unix. Though on these results the salary difference is "trivial" in my opinion. (I consider anything under 5% trivial)

Anyways, something to think about, and discuss, have fun.

Posted Aug 24 2006, 11:21 AM by Eric Wise with 1 comment(s)

Tech of NSA Wiretapping (and why the warrants argument is dumb)

So it's been all over the news that a judge ruled that the nsa wiretapping program is illegal etc etc etc. I'm not a lawyer, so I'm not really going to go into the legal aspect, however, I got to thinking from a technology perspective, if I was asked to create an effective program to track terror communications over communication lines, how would I go about it?

First, we have to define the scope of the problem:

1. We don't know who the terrorists are.

2. We don't know when and where they are calling from.

3. There are tens of thousands of international communications going on 24/7.

So based upon this problem scope, how would one handle not only identifying terrorists, but ensuring that if one was identified you could quickly and effectively "connect the dots" and identify co-conspirators etc? There are a few obvious things based on the above assumptions:

1. There is no way for any team of humans to manually tap calls.

2. There is no way for a team of humans to listen to every single call.

3. If you do identify a terror suspect, you not only want future records, but past ones as well possibly including the calls of people linked to them via number cross reference.

With these concepts in mind, I can only come up with one conclusion. The only way to effectively handle this type of monitoring is to log all calls, indexed by datetime and phone numbers of both parties. This is a huge amount of data, being that no one can go through it all, the purpose of the system would be whenever any agency raised a red flag on someone, you could pull their records as well as the records of anyone they're in contact with, and then you get the warrant to crack the records open.

Thus, I think this whole hysteria from some people about "warrantless wiretapping" is kind of a FUD argument. If the NSA is recording all of my calls, but never listening to them without probable cause and a warrant, it doesn't really hurt anyone, in addition it maintains the history so if a red flag gets raised, you can go back and figure out what's been going on historically as well as future calls, as well as follow the links by phone number, getting as many warrants as you need to at this point. Because there are tens of thousands of calls a day, it is unfeasible to expect to get warrants to monitor every call, and it is also unfeasible to just delete the ones you aren't listening to, since they may need to be cross referenced and analyzed some day. However, I do think that as soon as a flag is raised, they best be getting a judge and warrant involved.

Posted Aug 18 2006, 02:47 PM by Eric Wise with 17 comment(s)

$170 million??!!

http://www.washingtonpost.com/wp-dyn/content/article/2006/08/17/AR2006081701485.html

So the FBI failed a software project that ran $170 million. I for one am stunned at the total lack of competance in government and the greed/idiocy inherent in contract firms.

Tell you what FBI, I'm sure that we can work out an arrangement where you hire the staff of Codebetter.com plus a few key figures from the blogosphere, We'll put you together a working system and only charge you say... $85 million. =)

Posted Aug 18 2006, 11:24 AM by Eric Wise with 10 comment(s)

Ever Notice?

So I'm sitting on the toilet today, and the damn thing plugs again. You see, any time you use more than 2 wads of paper, the thing plugs. Now for those of you who aren't American, you need to understand that most new houses here have these "eco friendly" toilets that are supposedly better on water usage than the old solid gallon flush ones. Naturally, since these tend to plug with little provocation, you often end up using two, maybe even three (as was the case since I was plunging today) to do the job that a single flush should do. So in the end, the government regulation in my life is generating the opposite of its stated intent.

This got the wheels spinning, and I realized that there are many places where government or community involvement is well meaning, but generates the opposite of its stated intent. Take for instance the current crisis in the middle east. The UN is scrambling to make yet another cease fire resolution. However looking at middle eastern history there have been tons of cease fires before. If cease fires led to lasting peace, the middle east would be a utopia of peacefullness. By the same token, raising minimum wage doesn't push poor people into the middle class, and the more you raise taxes, the lower government tax revenue seems to get (see how Bush's tax cuts actually increased government tax revenue, since more money was left in the market to grow and be taxed).

Now, being this is a coding blog, I wouldn't be posting these thoughts unless I could tie it back to development, and so I shall. In the web world, we have our own series of standards for html, xhtml, css etc etc etc. Have these standards actually made web development any easier? Not really. Why not? The whole purpose of these standards was to make the process of building web pages easy and allow users to use any browser they like. However all the various browser vendors continue to go their own way... they think that their way is superior and are betting that the standards will turn to comform to them instead of the intended effect which is the opposite. A libertarian mindset would be to leave things as is, encourage standards but not require their implementation. A big government perspective would be to mandate standards and legally enforce them. However, what would this do to competition and innovation? Something to think about...

You often see the same thing happen in the open source community. A project "forks" because developers can't agree on a standard way of doing things, and I've often felt that although this generates choice, it undermines the strength of the community since you have now cut your installed base with the fork. Where there were once many, there will now be fewer, the developers that leave take their expertise with them and this needs to be replaced or compensated for which can harm the progress of the original project.

It is the one big strength that Microsoft leverages in software though, all of their applications talk to eachother, and talk well. They have internal standards that for the most part they stick to, and you tend to know what you are going to get. In the end, I think this is the trump card that is going to keep the OSS community in the minority, they can't seem to agree to implement standards and interfaces for the sake of competition.

Posted Aug 06 2006, 08:18 PM by Eric Wise with 15 comment(s)

NDoc may be dead

From the lead dev of NDoc:

I have decided to discontinue work on NDoc 2.0 and no longer participate in any open-source development work.

The development and release of NDoc 1.3 was a huge amount of work, and by all accounts widely appreciated. Unfortunately, despite the almost ubiquitous use of NDoc, there has been no support for the project from the .Net developer community either financially or by development contributions. Since 1.3 was released, there have been the grand total of eleven donations to the project. In fact, were it not for Oleg Tkachenko’s kind donation of a MS MVP MSDN subscription, I would not even have a copy of VS2005 to work with!

To put this into perspective, if only roughly 1-in-10 of the those who downloaded NDoc had donated the minimum allowable amount of $5 then I could have worked on NDoc 2.0 full-time and it could have been released months ago! Now, I am not suggesting that this should have occurred, or that anyone owes me anything for the work I have done, rather I am trying to demonstrate that if the community values open-source projects then it should do *something* to support them. MS has for years acknowledged community contributions via the MVP program but there is absolutely no support for community projects.

Once ‘Sandcastle’ is released, it is my belief that it will become the de-facto standard and that NDoc will slowly become a stagnant side-water. This will happen regardless of technical considerations, even if Sandcastle were to be less feature-complete. It's just an inevitable result of MS's 'not-invented-here' mentality, one only has to look at Nant and NUnit to see the effects of MS 'competition'.

This is not, however, my only reason for stopping development work - I have a big enough ego to think I could still produce a better product than them

As some of you are aware, there are some in the community who believe that a .Net 2.0 compatible release was theirs by-right and that I should be moving faster – despite the fact that I am but one man working in his spare time...

This came to head in the last week; I have been subjected to an automated mail-bomb attack on both my public mail addresses and the ndoc2 mailing list address. These mails have been extremely offensive and resulted in my ISP temporarily suspending my account because of the traffic volume. This incident has been reported to the local authorities, although I am highly doubtful they will be able to do anything about it.

This has was the ‘last-straw’ and has convinced me that I should withdraw from the community; I’m not prepared to have myself and my family threatened by some lunatic!

Kevin

P.S. If anyone wants to take over as admin on the SourceForge NDoc project - contact me. If not, I'll be removing myself in 14 days.

I find this interesting. I too bought into the open source / feel good community aspect with my Easy Assets application. Now, I didn't get near as many downloads as NDoc I'm sure, but I did have hundreds, and let me tell you I had the same result. No community resubmissions of code, no donations, jack-diddly-squat.

Like Kevin, I don't see myself ever working on FOSS ever again, unless I win the mega millions or something... With my family, full time job, etc., I just don't have the time for activities that generate no profit.

Posted Aug 02 2006, 06:18 PM by Eric Wise with 20 comment(s)

Basics: Master Page FAQ

I lurk around some of the joel and microsoft forums from time to time and every once in a while I pop up to the surface to answer some .net questions. I've been meaning for a while to compile some of the basic questions I see pop up frequently about master pages.

How can my page talk to my master page?

Couple ways to do this. Page.Master will give you a loose reference to whatever the master page is, and then you can use FindControl() to locate and manipulate whatever controls you need to. Personally, I do not like this method because FindControl is prone to typos, and won't raise a compiler error if someone takes that control out or renames it. It also makes the page responsible for controls in the master, I think the master should be in charge of that.

The better way to accomplish this is to get a strong reference to your master page, and then call public methods to set and query values. There are two ways to go about this. In method one, in your .aspx page below the <% page %> directives you can put the following directive:

<%@ MasterType VirtualPath="~/MyMaster.master" %>

Now when you type Page.Master. intellisense will fire up all the methods in your master page that you have made available. You can also cast Page.Master yourself as follows:

((MyMaster)Page.Master).Foo()

Can I dynamically set a master page at runtime?

Certainly! Use the page_preinit event:

void BasePage_PreInit(object sender, EventArgs e)
{
MasterPageFile = "~/MyMaster.master";
}

What the hell is up with order of events with master pages?

Maybe you should ask Scott Guthrie. Just remember to watch out for Page_Load and Page_Init. If you expose a Page_Load in the master and content, the content will fire first. For Page_Init, the master will fire first. Init bubbles from the inside out, and it's a common mistake by newbie asp .net developers to think that because the master page visually "wraps" content that it is outside. In reality during execution the master page is on the inside. =)

My control names are all messed up!

Because you can have multiple content names and .net needs to ensure that all IDs are unique, you'll find that controls inside the content page will be prepended with some goo that makes them unique. This can cause issues if you are using javascript which references controls. The solution to this is to use the ClientId property of your server controls. Here's an example of showing and hiding a server side <div> element with javascript:

</script>